Bug 1213387

Summary: [aaa][kerbldap] freeIPA 4.x base dn should be obtained using defaultNamingContext
Product: Red Hat Enterprise Virtualization Manager Reporter: akotov
Component: ovirt-engineAssignee: Martin Perina <mperina>
Status: CLOSED ERRATA QA Contact: Ondra Machacek <omachace>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 3.6.0CC: baumanmo, bazulay, bugs, gklein, iheim, jbuchta, lpeer, lsurette, msio57, omachace, oourfali, pstehlik, rbalakri, Rhev-m-bugs, rhodain, yeylon, ykaul, ylavi
Target Milestone: ovirt-3.6.0-rcKeywords: Reopened, ZStream
Target Release: 3.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1171395
: 1213772 (view as bug list) Environment:
Last Closed: 2016-03-09 21:02:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1171395    
Bug Blocks: 1063095, 1196662, Engineering1197441, 1213772    

Comment 6 Ondra Machacek 2015-06-22 15:14:51 UTC 
Works fine with IPA 4.1.2 in ovirt 3.6.

Btw, I can see that for RHDS it takes the namingContext as well, not defaultNamingContext, worth to fix?
Comment 7 Oved Ourfali 2015-06-22 16:49:21 UTC 
Seems so. 
Alon?
Comment 8 Alon Bar-Lev 2015-06-22 16:56:25 UTC 
389 has defaultNamingContext as far as I know.

$ ldapsearch -H ldap://ldap.corp.redhat.com -b '' -s BASE -x -LLL defaultNamingContext
dn:
defaultNamingContext: dc=redhat,dc=com
Comment 9 Ondra Machacek 2015-06-22 17:13:49 UTC 
Yes, but engine uses namingContext, not defaultNamingContext. So we have same issue as with IPA.
Comment 10 Alon Bar-Lev 2015-06-22 17:18:22 UTC 
(In reply to Ondra Machacek from comment #9)
> Yes, but engine uses namingContext, not defaultNamingContext. So we have
> same issue as with IPA.

oh! I thought the other way around.
I truly do not think we should fix this legacy provider any more.
the ipa fix was because of a change in ipa for existing customers.
not my decision though.
Comment 13 errata-xmlrpc 2016-03-09 21:02:47 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-0376.html